Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-25019

Good to know:

icon

Date: September 3, 2020

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

Language: JS

Severity Score

Related Resources (5)

https://security.stackexchange.com/questions/225799
https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
https://nvd.nist.gov/vuln/detail/CVE-2020-25019
https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
https://www.mend.io/vulnerability-database/CVE-2020-25019

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

icon

Upgrade Version

Upgrade to version 2.3.0

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us